/alcasar.sh |
---|
1274,7 → 1274,7 |
# Adapt the main conf file |
# French deny HTML page |
$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf |
$SED "s?^language =.*?language = 'french'?g" $DIR_DG/e2guardian.conf |
# Listen only on LAN side |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf |
# The port that E2guardian listens to HTTP |
1288,10 → 1288,12 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf |
# Disable HTML content control |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/e2guardian.conf |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default |
# ??? |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (comment what is not) |
# Disable URL control with regex |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default |
# do nothing |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (comment what is not) |
# Adapt the first group file (only one for instance) |
1299,15 → 1301,15 |
# Reporting (deny page) in HTML |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf |
# Replace the default deny HTML page (only fr & uk) |
[ -e /usr/share/e2guardian/languages/french/template.html.default ] || mv /usr/share/e2guardian/languages/french/template.html /usr/share/e2guardian/languages/french/template.html.default |
[ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] || mv /usr/share/e2guardian/languages/ukenglish/template.html /usr/share/e2guardian/languages/french/template.html.default |
cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/template.html |
cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html |
# Replace the default deny HTML page (only fr & uk) --> search why our pages make the server crash... |
# [ -e /usr/share/e2guardian/languages/french/template.html.default ] || mv /usr/share/e2guardian/languages/french/template.html /usr/share/e2guardian/languages/french/template.html.default |
# cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html |
# [ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] || mv /usr/share/e2guardian/languages/ukenglish/template.html /usr/share/e2guardian/languages/ukenglish/template.html.default |
# cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/template.html |
# Dont filtering files by extension or mime-type (empty list) |
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default |
touch $DIR_DG/lists/bannedextensionlist |
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default |
touch $DIR_DG/lists/bannedextensionlist |
touch $DIR_DG/lists/bannedmimetypelist |
# Empty LAN IP list that won't be WEB filtered |
[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default |
1394,8 → 1396,7 |
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default |
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf |
$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf |
$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf |
$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf |
# update now |
/usr/bin/freshclam --no-warnings |
1425,7 → 1426,7 |
$SED "s?^#LogFile.*?LogFile \"/var/log/tinyproxy/tinyproxy.log\"?g" /etc/tinyproxy/tinyproxy.conf |
$SED "s?^#PidFile.*?PidFile \"/var/run/tinyproxy/tinyproxy.pid\"?g" /etc/tinyproxy/tinyproxy.conf |
$SED "s?^LogLevel.*?LogLevel Error?g" /etc/tinyproxy/tinyproxy.conf # Only errors are logged |
$SED "s?^#Upstream.*?Upstream 127.0.0.1:8090?g" /etc/tinyproxy/tinyproxy.conf # forward to HAVP |
$SED "s?^#Upstream.*?Upstream http 127.0.0.1:8090?g" /etc/tinyproxy/tinyproxy.conf # forward to HAVP |
$SED "s?^#DisableViaHeader.*?DisableViaHeader Yes?g" /etc/tinyproxy/tinyproxy.conf # Stealth mode |
$SED "s?^Allow.*?Allow $PRIVATE_NETWORK_MASK?g" /etc/tinyproxy/tinyproxy.conf # Allow from LAN |
# Create the systemd unit |
1441,7 → 1442,7 |
# The "sleep 2" is needed because the pid file isn't ready for systemd |
[Unit] |
Description=Tinyproxy Web Proxy Server |
After=network.target iptables.service |
After=network-online.target iptables.service |
[Service] |
Type=forking |
1449,7 → 1450,7 |
ExecStartPre=/bin/sleep 2 |
PIDFile=/var/run/tinyproxy/tinyproxy.pid |
ExecStart=/usr/sbin/tinyproxy -c /etc/tinyproxy/tinyproxy.conf |
ExecStop=/usr/bin/killall -9 tinyproxy |
[Install] |
WantedBy=multi-user.target |
EOF |
2229,7 → 2230,7 |
EOF |
/usr/bin/systemctl daemon-reload |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
/conf/template-fr.html |
---|
1,4 → 1,5 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
<head> |
<title>ALCASAR - Access Denied</title> |
22,7 → 23,6 |
--> |
<tr> |
<td align=center valign=bottom width=150 bgcolor=#B0C4DE> |
<font face=arial,helvetica size=1 color=black> |
<img src="data:image/gif;base64, |
iVBORw0KGgoAAAANSUhEUgAAAJYAAACVCAYAAAC6lQNMAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A |
/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oLGBYFN0BtVQAAACAASURBVHja |
781,7 → 781,7 |
DAGX+2tY3h5ERk62liqN5+Z8qx0vOGMrSWxKUcgcKZBmJqV8II9ABOdfIx34jJYdFJmLtX7d3TiR |
t1YiuVAL6+ATQfA4kY9up8qFm8369X1mYz7fW8fqztkwXPlwDNZviAhOd1d046mZ+2p3xoy1mpxV |
JFAmNZQY/68eaG9+t06glBIBiQ61I2bLik2pkO9Olotx9aBmiObk5xlX9SoWa0cYMWLEH/kGMQSD |
0P69yv4AAAAASUVORK5CYII="/> |
0P69yv4AAAAASUVORK5CYII="> |
</td> |
<td width=550 bgcolor=#FFFFFF align=center valign=center> |
<font face=arial,helvetica color=black> |
807,9 → 807,7 |
</td> |
</tr> |
</table> |
</body> |
</html> |
<!-- |
819,13 → 817,23 |
- REASONLOGGED- gives the reason that gets logged including full details. |
- USER- gives the username if known. |
- IP- gives the originating IP. |
- HOST- gives the originating hostname if known. |
- RAWFILTERGROUP- gives the group number. |
- FILTERGROUP- gives the group name. |
- SERVERIP- gives the IP address on which the filter is running (correct for multiple filterip lines, but not if filterip option is blank). |
- BYPASS- gives URL which allows temporary bypass of denied page |
- CATEGORIES- gives the categories assigned to the banned content |
You need to remove the space between the - and the variable to use them |
in your HTML. They are there above so extra processing is not required. |
More example templates are likely to be found on the E2Guardian web site |
More example templates are likely to be found on the e2guardian web site |
on the Extras page. |
Daniel Barron 2002-03-27 |
This page was designed by Paul Richards. (http://www.ridney.com/) |
Daniel Barron 2003-09-01 |
#Translated by: Mathieu Parent 2011 |
--> |
/scripts/alcasar-daemon.sh |
---|
16,7 → 16,7 |
LDAP=${LDAP:=off} |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name |
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-uninstall.sh |
---|
291,7 → 291,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat havp freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
298,7 → 298,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat havp freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update |
fi |
old_services=" dnsmasq dnsmasq-blacklist dnsmasq-blackhole" |
/web/acc/admin/services.php |
---|
24,7 → 24,7 |
$l_mysqld = "Serveur de la base des usagers"; |
$l_lighttpd = "Serveur WEB (Alcasar Control Center)"; |
$l_sshd = "Accès sécurisée distant"; |
$l_freshclam = "Mise à jour de l'antivirus (toutes les 2 heures)"; |
$l_freshclam = "Mise à jour de l'antivirus (toutes les 4 heures)"; |
$l_ntpd = "Service de mise à l'heure réseau"; |
$l_fail2ban = "Détecteur d'intrusion"; |
$l_nfsen = "Grapheur de flux NetFlow"; |
63,7 → 63,7 |
$l_mysqld = "User database server"; |
$l_lighttpd = "WEB server (ALCASAR Control Center)"; |
$l_sshd = "Secure remote access"; |
$l_freshclam = "Antivirus update process (every 2 hours)"; |
$l_freshclam = "Antivirus update process (every 4 hours)"; |
$l_ntpd = "Network time server"; |
$l_fail2ban = "Intrusion Dectection System"; |
$l_nfsen = "Netflow grapher"; |
137,7 → 137,7 |
//------------------------------- |
// Actions on services |
//------------------------------- |
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","dnsmasq-whitelist","unbound-blackhole","e2guardian","havp","tinyproxy","freshclam","sshd","ntpd","fail2ban","nfsen","vnstat"); |
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","dnsmasq-whitelist","unbound-blackhole","e2guardian","havp","tinyproxy","clamav-freshclam","sshd","ntpd","fail2ban","nfsen","vnstat"); |
$autorizeAction = array("start","stop","restart"); |
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) { |
183,7 → 183,7 |
$FilterServiceStatus['e2guardian'] = checkServiceStatus("e2guardian"); |
$FilterServiceStatus['havp'] = checkServiceStatus("havp"); |
$FilterServiceStatus['tinyproxy'] = checkServiceStatus("tinyproxy"); |
$FilterServiceStatus['freshclam'] = checkServiceStatus("freshclam"); |
$FilterServiceStatus['clamav-freshclam'] = checkServiceStatus("clamav-freshclam"); |
$OptServiceStatus = array(); |
$OptServiceStatus['sshd'] = checkServiceStatus("sshd"); |
/web/language/alcasar-fr.txt |
---|
373,7 → 373,7 |
$l_httpd = "Serveur WEB (Centre de Gestion d'ALCASAR)"; |
$l_havp = "Filtre antivirus WEB"; |
$l_sshd = "Accès sécurisée à distance"; |
$l_freshclam = "Mise à jour de l'antivirus toutes les 2 heures"; |
$l_freshclam = "Mise à jour de l'antivirus toutes les 4 heures"; |
$l_ntpd = "Service de mise à l'heure réseau"; |